DigiCert has announced that starting September 8, 2025, it will stop supporting the HTTP/1.0 protocol for OCSP and CRL checks. This change impacts customers using VPN Site-to-Site or Remote Access VPN Security Gateways with certificates issued by DigiCert External CA.
Who is affected?
- If your Security Gateways do not use DigiCert External CA, no action is required.
- To check whether your VPN/Remote Access Security Gateways are using DigiCert External CA, follow the simple instructions provided by Check Point here.
Without upgrading protocol support, DigiCert certificate validation may fail. This could directly disrupt the functionality of Site-to-Site and Remote Access VPNs running on Check Point gateways.
Check Point’s solution
- A discovery tool to identify VPN/Remote Access gateways using DigiCert External Certificates
- A hotfix update, which upgrades communication to HTTP/1.1 once applied to the gateway, ensuring VPN service continuity
Detailed information about affected Security Gateways, usage of the discovery tool, and the hotfix can be found on Check Point’s official website.